Data Security Breaches and the Bottom Line Impact

By Mathew Schwartz

10/24/2005

Think the damage from security breaches can be contained? When it comes to consumer opinion, don’t count on it. According to a recent survey, only 8 percent of consumers who received a security-breach notification do not blame the organization that suffered the breach. In addition, 19 percent of consumers who received a notification took their business elsewhere, and 40 percent were considering doing so.

Simply put, “companies lose customers when a breach occurs,” notes Larry Ponemon, founder and head of the Ponemon Institute, which conducted the survey. Almost 10,000 American adults took part, and 1,100 of them had received a security-breach notification stating that their personal information may have been compromised.

Overall, “86 percent of security breaches involved the loss or theft of customer or consumer information,” Ponemon notes, and “about 14 percent involved employee, student, medical and taxpayer data.” For consumers, the highest number of security notifications came from banks, followed by credit card companies and governmental organizations—including state universities and healthcare providers.

Post-notification, some customers don’t just take their business elsewhere: 5 percent say they’ve hired a lawyer. According to a statement by David Bender, co-head of the privacy practice at White & Case, which sponsored the survey, “Five percent may not seem like much, until you realize that anywhere between 23 million and 50 million Americans have received notification of a data security breach. That means that over one million people out there are likely seeking legal counsel.” Already, security-breach notifications in California have resulted in class-action lawsuits.